Adding non-domain computers to ControlUp

As you know, ControlUp does not officially support monitoring non-domain computers. However, we can fool ControlUp into thinking that a workgroup computer is domain-joined. We will still need a functional AD domain for this to work, but the computer doesn’t really need to be joined to it. In brief, we will make sure name resolution is available, create a bogus computer account, pre-install ControlUp Agent using an MSI package, and we’re good to go!

Here are the step-by-step instructions, where SERVER01 is the computer name, 10.1.6.6 is its IP address and domain.local is the AD domain suffix:

Make sure the computer is accessible using an FQDN with your AD domain suffix. You can do one of the following:

Alternatively, add an entry to your Hosts file with the FQDN and IP, like:

    10.1.6.6 SERVER01.domain.local

Prepare a bogus computer account in your functional AD domain, with the dNSHostName attribute populated. Here’s a PowerShell snippet that does that:

    # Load the AD cmdlets (requires the Active Directory module / RSAT)
    Import-Module ActiveDirectory
    # Create the placeholder computer object with dNSHostName populated
    New-ADComputer -Name "SERVER01" -SAMAccountName "SERVER01" -Path "CN=Computers,DC=domain,DC=local" -DNSHostName "SERVER01.domain.local"

Note: this step is only required in order to add the computer to ControlUp. You can later delete the bogus AD account. However, DNS resolution needs to stay in place.

Install ControlUp Agent on the target computer using an MSI package. Make sure you download a package with the correct CPU architecture and .NET version.

Configure the Security Policy to grant the “Connect” permission under “Run Computer Actions” to Organization Members:

In ControlUp Console, use the Add Computers button to browse for the target computer in AD. As long as the agent service is running on the target computer (it should, since the service startup type is Automatic), you should be able to connect to the computer, monitor it and even perform management actions!
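
A pre-flight check for the name resolution and placeholder account steps, added here as an example (it is not part of the original article or of ControlUp's own tooling). The function and parameter names are hypothetical; it assumes you run it on the console machine with the ActiveDirectory module available, and it uses the sample values from the steps above.

```powershell
# Added example: verifies the two prerequisites the console depends on.
# Function and parameter names are hypothetical; values are the article's samples.
Import-Module ActiveDirectory

function Test-WorkgroupComputerPrereq {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [string] $DomainSuffix,
        [Parameter(Mandatory)] [string] $ExpectedIP
    )
    $fqdn = "$ComputerName.$DomainSuffix"

    # Name resolution: the FQDN must resolve (via DNS or the Hosts file)
    # to the workgroup machine's address.
    $resolved = @()
    try {
        $resolved = [System.Net.Dns]::GetHostAddresses($fqdn) |
            ForEach-Object { $_.IPAddressToString }
    } catch {
        Write-Warning "Name resolution failed for ${fqdn}: $($_.Exception.Message)"
    }

    # Placeholder account: must exist and carry a dNSHostName equal to the FQDN.
    $adHostName = $null
    try {
        $adHostName = (Get-ADComputer -Identity $ComputerName -Properties dNSHostName).dNSHostName
    } catch {
        Write-Warning "No AD computer account for ${ComputerName}: $($_.Exception.Message)"
    }

    # One result object so failures are visible at a glance.
    [pscustomobject]@{
        Fqdn           = $fqdn
        ResolvedIPs    = $resolved -join ', '
        ResolvesToHost = $resolved -contains $ExpectedIP
        AdDnsHostName  = $adHostName
        AdAccountReady = $adHostName -eq $fqdn
    }
}

Test-WorkgroupComputerPrereq -ComputerName 'SERVER01' -DomainSuffix 'domain.local' -ExpectedIP '10.1.6.6'
```

Both ResolvesToHost and AdAccountReady should be True before you browse for the computer in the console. Once the computer has been added, the placeholder account can be deleted with Remove-ADComputer, as noted above, so it does not linger as a stale object in AD.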

Beware, this functionality is essentially a hack, so don’t be surprised if you encounter unexpected errors. However, our tests indicate that monitoring and management actions work, which is great for anyone out there who’s interested in monitoring computers that sit in a DMZ or are not joined to a domain for other reasons.